<!doctype html>
<html>
    <head>
        <script src="../dist/purify.js"></script>
    </head>
    <body>
        <!-- Our DIV to receive content -->
        <div id="sanitized"></div>

        <!-- Now let's sanitize that content -->
        <script>
            'use strict';
            
            // Assuming DOMPurify is globally available
            // import DOMPurify from 'dompurify'; // Uncomment if using ES6 modules
            
            const proxy = 'https://my.proxy.service/?';
            
            // Specify dirty HTML
            const dirty = `
                <a href="http://evil.com/">CLICK</a>
                <a href="http://evil.com/" target="jajaja">CLICK</a>
                <svg><a xlink:href="http://evil.com/"><circle r=40></a></svg>
                <svg><a xlink:href="http://evil.com/" href="http://evil.com/"><circle r=40></a></svg>
                <form action="http://evil.com/"><input type="submit"></form>
                <map name="test"><area href="http://evil.com/" shape="rect" coords="0,0,200,200"></area></map>
                <math href="http://evil.com/">CLICKME</math>
            `;
            
            // Add a hook to make all links point to a proxy
            DOMPurify.addHook('afterSanitizeAttributes', node => {
                // proxy form actions
                if ('action' in node) {
                    node.setAttribute('action', `${proxy}${encodeURIComponent(node.getAttribute('action'))}`);
                }
                // proxy regular HTML links
                if (node.hasAttribute('href')) {
                    node.setAttribute('href', `${proxy}${encodeURIComponent(node.getAttribute('href'))}`);
                }
                // proxy SVG/MathML links
                if (node.hasAttribute('xlink:href')) {
                    node.setAttribute('xlink:href', `${proxy}${encodeURIComponent(node.getAttribute('xlink:href'))}`);
                }
            });
            
            // Clean HTML string and write into our DIV
            const clean = DOMPurify.sanitize(dirty);
            document.getElementById('sanitized').innerHTML = clean;
        </script>
    </body>
</html>
